Is there a conflict between the ACCEPT and DROP rules in iptables for two ipset lists?
There are two lists, badips and goodips, and they have some of the same IP addresses. goodips is set to ACCEPT, policy DROP, and badips is set to DROP, policy ACCEPT. What will happen to the IP addresses that are in both lists: will they be blocked or allowed? All rules are for incoming INPUT packets.
There is no conflict. The result depends on the order in which you write the rules. If ACCEPT comes first, then ACCEPT will work and the rule with DROP will simply not be reached. And vice versa: if DROP comes first, then it will work. This is a general principle for the filter table: the rules in the chain are iterated until one works. As soon as one has worked, we no longer look at the rest in this chain.
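The first-match behaviour described in the answer, as an added example that is not part of the original answer: a small Python model of an INPUT chain with one rule per ipset, evaluated in both rule orders. The set contents are constructed sample data, and the model assumes the chain holds only these two set-match rules plus the chain policy, which applies only when no rule matches.

```python
import ipaddress

# Constructed sample sets; 203.0.113.7 is deliberately in both.
SETS = {
    "goodips": ["203.0.113.7", "198.51.100.0/24"],
    "badips": ["203.0.113.7", "192.0.2.50"],
}

def in_set(name, src):
    """Model of '-m set --match-set <name> src' for address or network entries."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in SETS[name])

def verdict(chain, policy, src):
    """Walk the chain top to bottom; the first matching rule decides.
    Returns (target, rule_number); rule_number is None if only the policy applied."""
    for n, (set_name, target) in enumerate(chain, start=1):
        if in_set(set_name, src):
            return target, n
    return policy, None

# iptables -A INPUT -m set --match-set goodips src -j ACCEPT
# iptables -A INPUT -m set --match-set badips  src -j DROP
ACCEPT_FIRST = [("goodips", "ACCEPT"), ("badips", "DROP")]
# The same two rules appended in the opposite order.
DROP_FIRST = [("badips", "DROP"), ("goodips", "ACCEPT")]

def compare(src, policy="DROP"):
    """Verdict for one source address under both rule orders."""
    return {
        "accept_first": verdict(ACCEPT_FIRST, policy, src),
        "drop_first": verdict(DROP_FIRST, policy, src),
    }

if __name__ == "__main__":
    for ip in ("203.0.113.7", "192.0.2.50", "198.51.100.9", "203.0.113.200"):
        print(ip, compare(ip))
```

On a live host, `iptables -L INPUT -n -v --line-numbers` shows the actual rule order and per-rule packet counters, which confirms which rule an address in both sets is hitting.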